Customer identity verification system

ABSTRACT

A computerized system conducts customer identification processing for customers who remotely open accounts with personal identification information that cannot be verified through available data sources. The system receives a portion of identity data in response to a request for the customer to provide the portion of identity data from a customer identification document during a financial transaction. The system updates an identity profile of the customer by combining the portion of identity data with different portions of previously received identity data that were previously received from different merchants during transactions between the customer and the different merchants. Based on comparing the identity profile to unverified identity data of the customer, the system determines whether to maintain or terminate the account.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.16/512,188, filed on Jul. 15, 2019, and entitled “CUSTOMER IDENTITYVERIFICATION SYSTEM”, which is a continuation of U.S. patent applicationSer. No. 13/012,728, filed on Jan. 24, 2011, issued as U.S. Pat. No.10,395,245 on Aug. 27, 2019, and entitled “GLOBAL CUSTOMERIDENTIFICATION NETWORK,” which claims the benefit of U.S. ProvisionalPatent Application No. 61/456,727, filed on Nov. 12, 2010, and entitled“GLOBAL CUSTOMER IDENTIFICATION NETWORK,” the disclosures of which areexpressly incorporated by reference herein in their entireties.

TECHNICAL FIELD

The present disclosure relates generally to global customeridentification. More specifically, the present disclosure relates toverifying the identification information of a new customer who opens anaccount remotely.

BACKGROUND

After the 9/11 tragedy, the U.S. government recognized that financialinstitutions in the USA had not known their customers well enough and,as a result, terrorists had opportunities to finance their activitiesthrough the U.S. financial institutions.

The USA PATRIOT Act was established to strengthen the U.S. homelandsecurity. Section 326 of the USA PATRIOT Act requires financialinstitutions to verify the identity of a new customer and to compare thecustomer identity with the blacklist published by the government so thatterrorists, money launderers, and fraudsters cannot use financialinstitutions as vehicles to commit terrorist financing, moneylaundering, and fraud based on fake or stolen identities.

If a U.S. financial institution fails to comply with the USA PATRIOTAct, the financial institution may be subjected to severe regulatorypenalties. In fact, hundreds of millions of dollars of regulatorypenalties have already been levied by the U.S. regulators and governmentagencies to financial institutions as a result of the USA PATRIOT Act.

The impact of the USA PATRIOT Act is not limited to financialinstitutions only. Any organization, service provider, or individual(e.g., money services business, social network, accountant, etc.) whichcan be involved with money laundering and terrorist financing activitiesis impacted by the USA PATRIOT Act.

In addition, the USA PATRIOT Act has also strengthened the enforcementof other laws such as the Bank Secrecy Act, the Fair and Accurate CreditTransactions Act, the Unlawful Internet Gambling Enforcement Act, therequirements of the Office of Foreign Assets Control, etc. A U.S.company can be severely penalized for breaking any of these laws.

Historically, many methods have already been developed to authenticate aperson's identity based on an identification document. For example, ahologram graphic can be embedded on the identification document and thehologram graphic will appear when the identification document is placedunder a special light. If an identification document does not have thishologram graphic, this identification document is a counterfeit. If theidentification document is not a counterfeit and the photo on theidentification document matches the appearance of the identificationdocument holder, the information embedded within or on theidentification document can be used to verify the identity of theidentification document holder.

Similarly, personal identification data such as a fingerprint can beembedded within or on the identification document and a card reader canread the embedded data to authenticate the identity of theidentification document holder. For example, if the fingerprint of theidentification document holder matches the fingerprint informationembedded within or on the identification document, the identificationinformation and personal information displayed on the identificationdocument or extracted from the embedded data can be treated as theidentification information and personal information of theidentification document holder.

Traditionally, when a new customer opens an account with a financialinstitution, a representative of the financial institution will examinethe identification document of the new customer to make sure that (1)the identification document is official and valid, (2) the new customeris the real owner of the identification document, and (3) theidentification information and personal information such as name, dateof birth, address, identification document number, etc. provided by thenew customer corresponds to the information shown on the identificationdocument.

This traditional approach to identify a customer is no longer useful inthe modern age when a new customer opens an account remotely through anetwork, e.g., the Internet, telephone network, etc. Because arepresentative of the financial institution cannot remotely examine theidentification document and the identification document holder as therepresentative used to do in person, a fraudster can easily open anaccount based on fake or stolen identification information.

Although a financial institution can ask a new customer to send a copyof his/her identification document to the financial institution forverification purposes, government regulators and many otherorganizations do not accept this method of customer identificationbecause the financial institution has no way to distinguish whether thecopy is made based on an official identification document or acounterfeit identification document.

At the time of this disclosure, the most commonly used method ofverifying the personal identification information provided by a newcustomer who opens an account remotely is to utilize the informationprovided by credit report companies such as Equifax, TransUnion,Experian, etc. The representative of the financial institution can askthe new customer some detailed personal questions based on theinformation provided by the credit report companies then determinewhether the new customer has the correct identity, as the new customerclaims.

For example, the representative of the financial institution can ask thenew customer which company financed the loan when the new customerbought his/her car. If a fraudster tries to open an account based on avictim's stolen personal identification information, it is unlikely thatthe fraudster also knows all the credit history of the victim.Therefore, a financial institution can achieve an acceptable level ofaccurate customer identification through this method.

If a fraudster tries to open an account based on a fake identity, afinancial institution can refuse to open an account because no credithistory can be found from any credit report company based on the fakeidentity.

Although the above method is commonly used today, there are severaldrawbacks with this method. First, it is a very expensive accountopening process to get a credit report of each new customer. A financialinstitution needs to spend a great deal of money if this method is used.In general, only large financial institutions can afford suchinvestment. This cost factor has practically restricted small financialinstitutions from competing against large ones.

Moreover, many people such as students or recent graduates do not haveany credit history. As a result, students or recent graduates cannotopen accounts remotely if this method is used.

In addition, credit reports are only available in the U.S. and someother well-developed countries. Because credit reports cannot beobtained for civilians and citizens in most countries worldwide, giventhe severe regulatory penalties issued by the U.S. regulators andgovernment agencies as a result of the USA PATRIOT Act, the U.S.financial institutions and other organizations do not want to open newaccounts for foreigners who submit the applications remotely. Therefore,the USA PATRIOT Act has actually restricted the U.S. companies fromcompeting against foreign companies globally.

In fact, even with the help of credit report, a financial institutionmay not be able to detect a fraudster who remotely opens an accountbased on stolen identity of a victim if the fraudster knows the victimvery well. For example, a man may easily use his ex-girl friend's orex-wife's identity to open an account remotely because he knows thecredit history of his ex-girlfriend or ex-wife. There are many loopholesassociated with the existing customer identification methods which areused to identify customers who open account remotely.

Obviously, there is an urgent need for a new customer identificationsolution to open accounts globally for new customers who submitapplications at any place in the world. The present disclosure intendsto provide such solution.

SUMMARY OF THE DISCLOSURE

The present disclosure enables financial institutions and otherorganizations to effectively conduct customer identification on newcustomers who submit applications remotely even if the new customers donot have any credit history or if the new customers are civilians orcitizens of some countries where credit reports are not available. Inaddition, the present disclosure enables financial institutions andother organizations prevent identity theft and fraud.

Although we use opening accounts with financial institutions as anexample in this document, the present disclosure can be applied to manyother situations where customer identification is required.

Official identification documents have been adopted by governmentsworldwide to identify persons. Although different types ofidentification documents are used, many methods have been developed todistinguish the real documents from the counterfeits. In fact, peopleworking for financial institutions or merchants are often trained toidentify counterfeit identification documents based on different toolsand methods.

Furthermore, it is customary for a merchant or financial institution torequest a consumer to present an identification document during afinancial transaction. Consumers are accustomed to this type of requestand will submit their identification documents to merchants or financialinstitutions in order to complete the transactions. For example, when aperson purchases goods or services with a credit card at a store, thecashier of the store may request the person to present his/heridentification document to ensure that this person truly owns the creditcard.

Moreover, merchants and financial institutions have the incentive todetect counterfeit identification documents so that they can preventlosses and damages caused by fraudsters.

The present disclosure uses a network to verify the accuracy of theidentification document and, at the same time, collect the personalidentification information shown on or extracted from the identificationdocument of a person when the person conducts transactions with thirdparties. This collected information is used by a financial institutionor other organization to verify the personal identification informationsubmitted by the person when the person opened an account with thefinancial institution or other organization. As a result, customidentification of a person can be effectively achieved through a networkof third-party entities conducting transactions with the person duringtheir normal courses of business with the person.

In this disclosure, the terminology “network” generally refers to acommunication network or networks, which can be wireless or wired,private or public, real time or non-real time, or a combination of them,and includes the well-known Internet.

In this disclosure, the terminology “computer” or “computer system”generally refers to either one computer or a group of computers, whichmay work alone or work together to accomplish the purposes of thesystem.

In this disclosure, the terminology “processor” generally refers toeither one processor or a group of processors, which may work alone orwork together to accomplish the purposes of the processor.

In this document the term “module” refers to a single component ormultiple components which can be hardware, software, firmware, or acombination thereof, and may work alone or work together to accomplishthe purposes of the module.

In this disclosure, a “bank” or “financial institution” generally refersto a financial service provider, either a bank or a non-bank, wherefinancial services are provided.

In this disclosure, a “bank account” or “financial account” generallyrefers to an account associated with a financial institution, either abank or a non-bank, where financial transactions can be conductedthrough financial instruments such as cash, checks, credit cards, debitcards, ATM cards, stored value cards, gift cards, pre-paid cards, wires,monetary instruments, letters of credit, notes, securities, commercialpapers, commodities, precious metal, electronic fund transfers,automatic clearing house, etc.

In this disclosure, “financial transactions” generally refer totransactions related to financial activities, including but not limitedto payment, fund transfer, money services, payroll, invoicing, trading,escrow, insurance, underwriting, merger, acquisition, account opening,account closing, etc.

In this disclosure, “trading” generally refers to trading activities,both private and public, including but not limited to trading of stock,currency, commodities, rights, values, securities, derivatives, goods,services, merchandise, etc.

In this disclosure, “securities” are generally referred to according tothe definition in the Securities Act of 1933. For example, securitiesmay generally include note, stock certificate, bond, debenture, check,draft, warrant, traveler's check, letter of credit, warehouse receipt,negotiable bill of lading, evidence of indebtedness, certificate ofinterest or participation in any profit-sharing agreement,collateral-trust certificate, preorganization certificate orsubscription, transferable share, investment contract, voting-trustcertificate; valid or blank motor vehicle title; certificate of interestin property, tangible or intangible; instrument or document or writingevidencing ownership of goods, wares, and merchandise, or transferringor assigning any right, title, or interest in or to goods, wares, andmerchandise; or, in general, any instrument commonly known as a“security”, or any certificate of interest or participation in,temporary or interim certificate for, receipt for, warrant, or right tosubscribe to or purchase any of the foregoing.

In this disclosure, a “consumer” generally refers to a customer, person,subject, payer, payee, beneficiary, user, or client, etc., seeking toperform a transaction with an individual, an organization, a merchant,and/or a financial institution.

In this document, the terminology “identification document” generallyrefers to a passport, driver's license, voter card, benefits card,student identification card, social security card, nationalidentification card, identity card, certificate of legal status, andother official documents and information bearing instruments thatidentify a designated individual by certain verifiable characteristics,that are issued or certified by a consulate, embassy, government agency,public or private organizations or other governmental authorities, andthat are protected against unauthorized copying or alteration by theresponsible party or parties. In particular, such “identificationdocuments” can be formed from various materials, including paper,plastic, polycarbonate, PVC, ABS, PET, Teslin, composites, etc. and canembed the identification information in various formats, includingprinted or embossed on the document (or card), written on a magneticmedium, programmed into an electronic device, stored in a memory, andcombinations thereof. The “identification information” may include, butis not necessarily limited to, names, identification numbers, date ofbirth, signatures, addresses, passwords, phone numbers, email addresses,personal identification numbers, tax identification numbers, nationalidentification numbers, countries that issue the IDs, states that issuethe IDs, ID expiration date, photographs, fingerprints, iris scans,physical descriptions, and other biometric information. The embeddedinformation can be read through optical, acoustic, electronic, magnetic,electromagnetic, and other media.

In this disclosure, “personal identification information” generallyrefers to name, address, date of birth, personal identification number,user ID, password, tax identification number, type of the identificationdocument used, identity number associated with the identificationdocument, country, state, government organization and/or a privateorganization issuing the identification document, expiration date of theidentification document, phone number, screen name, e-mail address,photographs, fingerprints, iris scans, physical descriptions, and otherbiometrical information.

In this disclosure, “personal information” includes at least one ofpersonal identification information, personal relationships, personalstatus, personal background, personal interests, and personal financialinformation including information related to financial instruments,financial accounts, and financial activities.

In this disclosure, “financial instruments” generally refer toinstruments which are used to conduct financial transactions. Examplesof financial instruments include cash, credit cards, debit cards, ATMcards, prepaid cards, stored value cards, gift cards, checks, monetaryinstruments, wire transfers, letters of credit, notes, securities,commercial papers, commodities, gold, silver, etc.

In this disclosure, a “personal communication device” generally refersto a device interface used for personal communication purposes.

In this disclosure, a “device interface” generally refers to a keyboard,a keypad, a monitor, a display, a terminal, a computer, a control panel,a vehicle dash board, a network interface, a machinery interface, avideo interface, an audio interface, an electrical interface, anelectronic interface, a magnetic interface, an electromagnetic interfaceincluding electromagnetic wave interface, an optical interface, a lightinterface, an acoustic interface, a video interface, an audio interface,a contactless interface, a mobile phone interface, a smartphoneinterface, a smartbook interface, other communication device interface,a Personal Digital Assistant (PDA) interface, a handheld deviceinterface, a portable device interface, a wireless interface, a wiredinterface, and other interfaces.

In this document, the terminology “terminal” or “kiosk” generally refersto equipment, including a computer and/or its peripherals,microprocessor and/or its peripherals, ATM terminal, check-cashingkiosk, money services kiosk, merchant checkout stand, cash register,coin exchange machine, parking lot payment kiosk, other payment kiosks,contactless device, wire line phone, mobile phone, smartphone,smartbook, personal communication device, tablet device, digitalassistant, entertainment device, network interface device, router,and/or Personal Digital Assistant (PDA), etc., which interfaces a userwith a computer network, so that the user may interact with computersystems and other equipment connected to the computer network.

For a further understanding of the nature and advantages of the presentdisclosure, reference should be made to the following description takenin conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 illustrates a system and network diagram of a Global CustomerIdentification Network (“GCIN”) to enable consumers, financialinstitutions and merchants to jointly conduct customer identification.

FIG. 2 is a flowchart of an example process, indicating how a consumerregisters with the computer system of GCIN as shown in FIG. 1 .

FIG. 3A and FIG. 3B are flowcharts of an example process, indicating howthe system shown in FIG. 1 enables a consumer to conduct financialtransaction with a retail store or financial institution in person.

FIG. 4 is flowchart of an example process, explaining how the systemshown in FIG. 1 determines whether a consumer has provided correctpersonal identification information to GCIN.

DETAILED DESCRIPTION

The U.S. government strictly enforces financial institution (e.g.,banks, credit unions, stockbrokers, insurance companies, etc.)compliance with the USA PATRIOT Act, the Bank Secrecy Act (BSA), theFair and Accurate Credit Transactions Act (FACT Act), the UnlawfulInternet Gambling Enforcement Act (UIGEA), the regulations set by theOffice of Foreign Assets Control (OFAC) and other related laws andregulations. Hundreds of millions of dollars in Civil Monetary Penalties(CMPs) have already been levied by the U.S. government regulators andagencies to some financial institutions for violating these laws andregulations. Verifying customer identity (i.e., customer identification)is essential to complying with these laws and regulations.

The Internet has changed our world tremendously. An organization has theopportunity to open accounts for members and/or clients all over theworld through the Internet. However, without effective customeridentification, this organization may become the vehicle for moneylaundering, terrorist financing, fraud, and other criminal activities.

For example, many fraudsters have already used social networks, which donot conduct customer identification, to commit fraud. Money launders andterrorists have already used the services provided by someInternet-based companies to conduct money laundering and terroristfinancing activities.

In fact, the U.S. government has classified those Internet companiespermitting members and/or clients to conduct money transfer, paymenttransaction among members and/or clients, and any other equivalent valuepurchase or exchange as Money Services Businesses (MSBs). These MSBshave to comply with the USA PATRIOT Act, the Bank Secrecy Act, the FACTAct, the OFAC regulations, and other related laws and regulations toprevent money laundering and terrorist financing activities. Both E-Goldand Paypal, which are not traditional financial institutions, havealready received severe regulatory penalties issued by the U.S.government. Many U.S. organizations and individuals will face regulatorypressure similar to what U.S. financial institutions are facing today.

To prevent money laundering, terrorist financing, fraud, and financialcrimes, many other countries have established laws, rules, andregulations that are similar to what the U.S. government hasestablished. As a result, the great potential promised by the Internethas been blocked by laws and regulations because there has been noeffective way to verify the identity of a customer who opens an accountremotely.

A goal of the present disclosure is to provide an effective customeridentification solution so that a remote person can open an account,through a network, at any location in the world.

When a consumer opens an account with an organization online, thisorganization can require the consumer to provide some personalidentification information and contact information. In one embodiment ofthe present disclosure, the organization verifies the consumer'sidentity with the blacklists, e.g., the OFAC list, etc., published byvarious government organizations worldwide to ensure it is not againstlaws and regulations to conduct business with this consumer.

In addition, in one embodiment of the present disclosure, theorganization starts to monitor the activities of the consumer to ensurethat there is no suspicious activity. If there is a suspicious activityinvolved with the consumer, the organization may report the suspiciousactivity to proper government organizations and agencies, e.g., theFinancial Crimes Enforcement Network (FinCEN) in the USA.

If the organization is a financial institution in the USA, in oneembodiment of the present disclosure, the financial institution mayreport the suspicious activity through a Suspicious Activity Report(SAR) to FinCEN in accordance with the Bank Secrecy Act. Furthermore, inone embodiment of the present disclosure, the U.S. financial institutionmay verify the identity of the consumer with the 314(a) list that isperiodically published by FinCEN according to Section 314(a) of the USAPATRIOT Act. If the identity of the consumer matches an entity on the314(a) list, the financial institution reports such match to FinCEN incompliance with the USA PATRIOT Act.

In another embodiment of the present disclosure, the financialinstitution may report to the proper government organizations oragencies cash transactions with an aggregate amount over a limit set bythe government. In yet another embodiment of the present disclosure, thefinancial institution may report to the proper government organizationsor agencies cross-border transactions with an aggregate amount over alimit set by the government.

To avoid being caught, a fraudster, money launderer, or terrorist maynot provide his true identity during the account opening process. Theorganization therefore conducts customer identification to verify thetrue identity of the new customer.

However, as explained earlier, there is no easy way for the organizationto determine whether the information provided by the consumer is correctif the account is opened remotely. Verifying the identity of a newcustomer who remotely opens an account becomes even more difficult whenthe new customer has no credit history or when the new customer is aresident of a country where no public records are available to verifythe identity of a person.

The present disclosure uses a computer network, e.g., the Internet, toreach many third-party entities, including merchants, financialinstitutions, schools, government organizations, companies, individuals,for-profit organizations, non-profit organizations, etc. In oneembodiment of the present disclosure, when a consumer conducts atransaction with a third party, a central computer uses thetransactional information (e.g., an account number or account ID used inthe transaction) to search for the consumer's personal identificationinformation which was collected from the consumer during the accountopening process.

The “transaction” described above includes both financial transactions,e.g., a payment, and non-financial transactions, e.g., an inquiry. Ingeneral, any activity related to an account, a subject, a consumer, or arecord can be called a transaction.

In one embodiment of the present disclosure, verification of an identityresults from the central computer randomly selecting a piece of datawhich appears on and/or is embedded within the consumer's identificationdocument. A third party conducting the transaction (referred to as amerchant for ease of explanation) is prompted to input the randomlyselected piece of Identification data. Thus, the merchant requests theconsumer to provide an identification document which contains such pieceof data. For example, the central computer system can prompt themerchant to enter the last four digits of the identification documentnumber, the date of birth, the last name, first name initial, zip codeof the address, country or state that issued the identificationdocument, expiration date, etc. The data input can be accomplished byeither the merchant manually inputting the data or a device interfacewhich can read the embedded data from an identification document.

Other merchants will enter different pieces of randomly selected datawhen the consumer conducts transactions with these other merchants.Thus, as more transactions occur, different pieces of data will bereceived from the various merchants, providing verification of differentaspects of the identification data.

This process slices the entire set of identification data, which needsto be verified, into many small pieces of data like a jigsaw puzzle.Although each merchant only enters one small piece of the data for eachtransaction with the consumer, the entire set of identification datawill be fully verified when additional transactions occur (possibly withdifferent merchants). In this case, more data is verified whenadditional pieces have been correctly entered by the merchants involvedin the process.

In one embodiment of the present disclosure, the central computer systemrepeatedly asks different merchants the same question. If multiplemerchants provide the same answer, it will enhance the reliability ofsuch answer.

In another embodiment of the present disclosure, the central computersystem asks different questions which may produce overlapped answers. Ifthe overlapped portion is identical, the reliability of the overlappedanswers is further enhanced. The central computer can achieve higheraccuracy and reliability in the identity verification process byprompting different merchants to answer different questions in differenttransactions at different locations. For example, the central computercan prompt a first merchant to enter the last name of the consumer; asecond merchant to enter the middle name of the consumer; a thirdmerchant to enter the first name of the consumer; a fourth merchant toenter the year of birth; a fifth merchant to enter the last four digitsof the identification document number; etc.

In one embodiment of the present disclosure, if the consumer onlyconducts transactions with the same merchant, this identity verificationprocess is withheld so that one merchant cannot provide more than apre-defined number of pieces of identification information prompted bythe central computer.

Because many different merchants are involved in this identityverification process at different times and locations, it is difficultfor a fraudster to bribe or otherwise conspire with all these merchantsto cover up the fraudster's false identity. It may not be desirable tohave only single merchant answering all questions during a transactionbecause one merchant can be easily bribed. Furthermore, it wouldunfairly burden a merchant by requesting all personal identificationinformation of a consumer to be manually entered by the merchant duringa transaction.

In addition, a consumer may not feel comfortable when an entity (e.g.,merchant) enters all of his/her personal identification information intoa device interface during a transaction because such personalinformation may be viewed by the consumer as private and confidential.Because some supermarkets and gas stations have been asking consumers toprovide partial personal information, e.g., zip code, during paymenttransactions, consumers are accustomed to such questions and will notmind providing some partial data such as the year of birth for identityverification purposes.

In one embodiment of the present disclosure, a merchant uses a deviceinterface to read the personal identification data embedded within or onthe identification document and the device interface directly sends thedata to the central computer. Because the data is read electronicallyfrom the identification document and sent directly to the centralcomputer, the fraud committed by fraudsters and third parties, e.g.,merchants, as explained above, can be reduced or eliminated.

As discussed above, the questions can be randomly presented duringdifferent transactions so that fraudsters cannot prepare for the answersin advance. In another embodiment of the present disclosure, the centralcomputer randomly decides whether to even ask a question during aparticular transaction. Thus, because of the random nature of theprocess, a fraudster cannot predict what will happen in the transaction.

If a consumer did not provide accurate personal identificationinformation during the account opening process, the data entered by themerchant will not correspond to the records collected from the consumerduring the account opening process. Therefore, when the identificationdata entered by a merchant does not correspond to the identificationdata in the account records, either the consumer has provided aninaccurate identification document for the transaction or the consumerhad provided inaccurate information during the account opening process.

Because either case implies a fraudulent intention, in one embodiment ofthe present disclosure, the central computer rejects the transaction orinforms the merchant to reject the transaction when the identificationdata entered by the merchant does not correspond to the identificationdata in the account records to protect the merchant and/or theorganization which services the consumer's account.

In one embodiment, after the identification information in the accountrecords of a consumer has been verified as “accurate” with a certaindegree of confidence, through receiving a sufficient number of pieces ofcorrect identification information during various transactions, theidentity verification of the consumer may be suspended in futuretransactions.

In another embodiment of the present disclosure, after all theidentification information in the account records of a consumer has beencompletely verified, the identity verification of the consumer may besuspended in future transactions. For easy explanation, the period fromthe beginning of the identity verification to the time when all theidentification information in the account records of a consumer has beencompletely verified is referred to as “identity verification phase.”

Because all the identification information in the account records of theconsumer has been fully verified after the identity verification phase,the identification information in the account records can be used forfraud prevention purposes.

In one embodiment of the present disclosure, the central computer systemcontinues to ask identity verifying questions even after the identityverification phase. This continuous process can prevent fraud caused bystolen financial instruments. For example, if a fraudster steals theconsumer's credit card information and uses a counterfeit card toconduct transaction, the chance for the fraudster to know all thepersonal identification information of the consumer is very low. Even ifthe fraudster uses a counterfeit identification document to conduct atransaction and the merchant fails to recognize that the identificationdocument is counterfeit, the information on this counterfeitidentification document will not correspond to the personalidentification information in the account records of the consumer.Therefore, if a merchant enters incorrect information in this continuousprocess, it is possible that a fraudster is conducting a transactionwith the merchant based on a counterfeit identification document. Thecentral computer may reject the transaction or inform the merchant tostop the transaction to prevent fraud.

As a result, this approach also prevents fraud committed by a fraudsterbecause a correct identification document must be used to complete thetransaction. Because fraud would adversely affect the merchant, themerchant conducting a transaction with a consumer has the incentive toparticipate in this identity verification process to prevent losses anddamages caused by fraud.

Similarly, this approach also prevents identity theft. If a fraudstersuccessfully opened an account based on a stolen identity of a victim,the fraudster will not be able to provide an identification document ofthe victim to conduct the transaction.

If a fraudster purposely provides incorrect information during theaccount opening process and uses a counterfeit identification documentbased on the incorrect information to conduct transactions withmerchants, the likelihood of any merchant detecting the counterfeitidentification document is high because merchants are trained torecognize counterfeit identification documents. If a merchant detects acounterfeit identification document, in one embodiment of the presentdisclosure, the merchant reports the detected case of counterfeiting tothe central computer.

During the identity verification phase, the central computer may freezethe consumer's account and conduct further investigation when theidentification data entered by any of the merchants does not correspondto the identification data provided by the consumer during the accountopening process or when a merchant has reported a counterfeitidentification document used by the consumer.

For example, to conduct further investigation, in one embodiment of thepresent disclosure, the central computer can request the consumer tomeet a representative of the central computer system so that theconsumer's identity can be thoroughly verified in person.

Alternatively, in another embodiment of the present disclosure, thecentral computer can immediately close the account when theidentification data entered by any of the merchants does not correspondto the identification data provided by the consumer during the accountopening process or when a merchant has reported a counterfeitidentification document used by the consumer.

In one embodiment of the present disclosure, the organization, e.g.,financial institution, involved in the transaction files a SuspiciousActivity Report (“SAR”) to report identity theft in compliance with theBank Secrecy Act and the FACT Act.

To further eliminate money laundering, terrorist financing, fraud andother criminal activities, in one embodiment of the present disclosure,a consumer account can be restricted for certain activities until theaccount is fully verified by the central computer. For example, afinancial account holder can be restricted to conducting only limitedtransactions during a period of time, e.g., less than $200 per week,until the central computer has fully verified the identity of theaccount holder. Because money launderers, terrorists, fraudsters andother criminals likely do not want to risk jail time for a totaltransactional amount of less than $200 week, the above limit effectivelyeliminates or reduces the risk of money laundering, terrorist financing,fraud, and other financial crimes.

In yet another embodiment of the present disclosure, the centralcomputer also monitors the frequency of canceled transactions of aconsumer. Because a fraudster knows that he is using a counterfeitidentification document, he may cancel the transaction if the thirdparty (e.g., merchant) questions him about his counterfeitidentification document. Therefore, frequent cancellations can also beused as an alert associated with the consumer. A financial institutionmay conduct further investigation on the account holder if frequentcancellations of transactions have occurred in the account.

In general, due to privacy concerns, it may not be desirable for thecentral computer to provide the personal identification information ofthe account holder and merely ask a merchant to confirm theidentification information. For example, a fraudster can work togetherwith a merchant to steal the personal identification information if thepersonal identification information is provided by the central computer.In fact, the Gramm-Leach-Bliley Act (GLB Act) prohibits U.S. financialinstitutions from disclosing their clients' non-pubic personalinformation. Therefore, it is not desirable to display the personalidentification information of the account holder during a transaction.

Furthermore, a third party may not seriously conduct the identityverification process if the third party only selects “YES” or “NO” as ananswer. For example, when a clerk of a merchant is tired, he may tend toselect “YES” to get his job done quickly without truly examining theidentification document in details. Therefore, as described above, themerchant supplies a piece of personal identification information of theconsumer to the central computer and the central computer does notprovide the personal identification information to the merchant. Thisapproach reduces or eliminates the chance for identity theft by thirdparties and is compliant with the GLB Act.

However, the GLB Act or privacy may not be a concern in certaincountries or industries. In one embodiment of the present disclosure,the central computer provides the identification information in theaccount records of a consumer during a transaction and requests themerchant to confirm whether the identification information provided bythe central computer is correct.

In one embodiment of the present disclosure, the central computerselects only certain credible merchants to conduct this identityverification process to avoid the potential abuse by merchantsconsidered to be susceptible to bribery from fraudsters. For example,the central computer only requests identification informationverification from some publicly-listed companies believed to have higherethical standards.

In one embodiment of the present disclosure, the central computer alsorecords which merchants are involved in the identity verificationprocess of each account holder. If the central computer has determinedthat a particular account holder has provided incorrect informationduring the account opening process, all merchants, which have mistakenlyverified the account holder's false identity as real before, should beclassified as “third parties with questionable credibility.”

In one embodiment of the present disclosure, the central computer mayre-conduct all the identity verifications conducted by these “thirdparties with questionable credibility.”

In another embodiment of the present disclosure, the central computermay randomly re-conduct some of the identity verifications conducted bythese “third parties with questionable credibility” and compare the newverification results with the old verification results. If thecomparison indicates that a “third party with questionable credibility”has purposely made mistakes, more corrective actions can be taken to fixthe problems.

For example, in one embodiment of the present disclosure, more identityverifications, which were conducted by this “third party withquestionable credibility,” will be re-conducted.

In another embodiment of the present disclosure, a penalty can be issuedto this “third party with questionable credibility” based on acommercial arrangement with the third party.

In yet another embodiment of the present disclosure, a regulatory reportabout this third party may be filed to the proper governmentorganizations and agencies.

Because the merchant can see the consumer in person, the merchant canverify (1) whether the photo on the identification document matches theappearance of the consumer, and (2) whether the identification documentis real and valid.

To further help the merchants involved in the above identityverification process prevent fraud, in one embodiment of the presentdisclosure, an account holder uploads his/her photo during the accountopening process. As a result, the central computer can send the photo,collected from the account holder during the account opening process, tothe merchant conducting a transaction with a consumer based on theaccount. If the photo of the account holder shown on the deviceinterface does not match the appearance of the consumer, the consumermay be a fraudster who intends to steal the account.

Sometimes, a consumer may change his/her identification document. Forexample, if a U.S. resident moves from one state to another state,he/she may receive a new driver's license issued by the new state. If aconsumer changes his/her identification document, in one embodiment ofthe present disclosure, the consumer updates his/her account records andthe central computer will re-conduct the identity verification of theconsumer based on the new identification document.

In one embodiment, if the identity of the consumer was previouslyverified based on an old identification document, only a partial set ofpersonal identification information may be re-verified when the consumerchanges his/her identification document. That is, the identityverification may be less rigorous if the consumer was previouslyverified.

In one embodiment, the present disclosure is integrated into theexisting networks of payment systems, e.g., credit card, debit card,pre-paid card, gift cards, Automated Clearing House (ACH), AutomatedTeller Machine (ATM), Society for Worldwide Interbank FinancialTelecommunication (SWIFT), Wire, etc. so that financial institutions canfulfill their customer identification obligations required by laws andregulations.

In another embodiment, the present disclosure is integrated with onlineorganizations' systems and networks which provide online products andservices such as a social network, mobile payment, online payment,coupon purchase, credit exchange, value trade, online gaming, etc. sothat these online organizations can protect their members and clientsagainst crimes and fraud. These organizations can also comply withapplicable laws and regulations regarding customer identification.

Although “merchants” are used in the above examples for easyexplanation, the present disclosure also applies to other third-partyentities which may not be merchants. In general, any third partyconducting a transaction with a consumer can participate in thiscustomer identification process to verify the identification informationin the consumer's account records.

As contemplated in the described embodiments, one of many possiblecombinations is described below as an example. The computer system ofthe Global Customer Identification Network (“GCIN”) 500 and a computernetwork 600, such as the Internet, enable a financial institution 200, aretail store 300 and an online merchant 400 to jointly conduct customeridentification on a consumer 100, as shown in FIG. 1 .

Reference should now be made to the flowchart of FIG. 2 in combinationwith the system diagram of FIG. 1 , which together illustrate how aconsumer can open an account with the GCIN computer system 500. In oneembodiment, the consumer remotely opens the account.

First (block 2001), a consumer 100 remotely inputs her name, user ID,password and other information requested during the account openingprocess through a network 600. In addition (block 2002), the consumer100 inputs her personal identification information which is embeddedwithin or on her identification document (e.g., a driver's license) andher financial instrument (e.g., a credit card), if applicable.Alternatively, if the GCIN computer system 500 is owned by or associatedwith a financial institution, the financial institution may provide theGCIN computer system 500 with the information regarding the consumer'sfinancial instrument after the account is opened for the consumer 100.Because the personal identification information is remotely input, theinformation is not yet verified. For example, when a consumer opens anonline account, the online organization, e.g., a social network,sometimes cannot verify whether the consumer entered accurateinformation. That is, the identification information may be fraudulent,but the online organization cannot verify this based on availableinformation. This consumer input identification information will bereferred to as “unverified identification information.”

Furthermore (block 2003), the consumer 100 inputs her contactinformation that enables the GCIN computer system 500 to contact theconsumer 100.

In one embodiment, to further facilitate fraud prevention, the consumer100 uploads her photo (block 2004) for easy identification purposes. Theabove information provided by the consumer 100 is stored in a databaseof the GCIN computer system 500.

After opening an account, the consumer 100 is permitted to conductfinancial transactions. During these financial transactions, theidentification information of the consumer is verified piece by piece.

In one embodiment, the initial transactions are limited to small dollaramounts until sufficient identity verification has been accomplished.

The flowchart in FIGS. 3A and 3B in combination with the system diagramof FIG. 1 illustrate how transactions will verify the identity of theconsumer.

The consumer 100 provides the retail store 300 with her financialinstrument (e.g., a credit card). In addition, the consumer 100 providesthe retail store 300 with her identification document (e.g., a driver'slicense). The retail store 300 enters the identification data of thefinancial instrument (e.g., account number) into a device interface ofthe GCIN computer system 500 (block 3001).

The identification data of the financial instrument is sent to the GCINcomputer system 500 via the network 600. The GCIN computer system 500uses the received data to identify the account of the consumer 100(block 3002).

In one embodiment, the GCIN computer system 500 sends the photo of theaccount holder through the network 600 to the retail store 300 anddisplays the photo on the device interface (block 3003).

The retail store 300 determines whether the photo matches the appearanceof the customer who stands inside the retail store 300 (decision block3004). If the photo does not match the appearance of the customer (NObranch 3005), the retail store 300 rejects the transaction (block 3012)and informs the GCIN computer system 500 of such rejection.

If the photo matches the appearance of the customer (YES branch 3006),the GCIN computer system 500 prompts the retail store 300 to enter apiece of data (e.g., the date of birth) which is displayed on thecustomer's identification document (e.g., the driver's license). Byverifying different pieces of information from different merchantsduring different transactions, the verification becomes more reliable.

The retail store 300 reads the data from the consumer's identificationdocument and inputs the data into the device interface of GCIN computersystem 500 (block 3007).

The GCIN computer system 500 determines whether the received datacorresponds to the record provided by the consumer 100 during heraccount opening process (decision block 3008).

If the received data does not correspond to the record provided by theconsumer 100 (NO branch 3009), the GCIN computer system 500 informs theretail store 300 to reject the transaction (block 3012). As describedabove, an investigation may occur if the process is still in theidentity verification phase.

If the received data corresponds to the record provided by the consumer100 (YES branch 3010), the GCIN computer system 500 informs the retailstore 300 to complete the transaction (block 3011).

Sometimes, the retail store 300 may permit the consumer 100 to interactdirectly with the device interface in the retail store 300. For example,an automatic checkout stand may expect the consumer 100 to interfacedirectly with the checkout stand. Under such circumstances, a deviceinterface can read the data embedded within or on the identificationdocument of the consumer 100 and send the data directly to the GCINcomputer system 500 (at block 3007).

Based on whether the retail store 300 enters the correct piece ofidentification information of the consumer 100, the GCIN computer system500 can complete a portion of the identity verification process of theconsumer 100. The flowchart in FIG. 4 and the system diagram of FIG. 1illustrate how the identity verification process may be accomplished bythe GCIN computer system 500.

The GCIN computer system 500 randomly selects a piece of data which isembedded within or on the identification document of the consumer 100and prompts the retail store 300 to input such data based on what theretail store 300 can obtain from the identification document of theconsumer 100 (block 4001).

In one embodiment, multiple merchants at multiple locations conducttransactions at different times in this identity verification process.Because the merchants are randomly selected and the piece of data whicheach merchant is requested to input is randomly selected (and likelydifferent), it is very difficult for the consumer 100 to cheat or bribeall the merchants. In addition, commercial arrangements can be madebetween the GCIN computer system 500 and the merchants to ensure thatmerchants will perform honestly and diligently in this identityverification process.

The GCIN computer system 500 determines whether the data input by theretail store 300 corresponds to the record provided by the consumer 100during the account opening process (decision block 4002).

If the piece of data input by the retail store 300 corresponds to therecord (YES branch 4003), no action will be taken. If the piece of datainput by the retail store 300 does not correspond to the record (NObranch 4004), the GCIN computer system 500 will immediately freeze theaccount of consumer 100 and request the consumer 100 to contact the GCINcomputer system 500 (block 4005).

Under such circumstances, the GCIN computer system 500 may need to takeadditional actions to conduct customer identification. For example, theconsumer 100 may be requested to bring her identification document tomeet a representative of the GCIN computer system 500 in person so thatthe representative of the GCIN computer system 500 can thoroughly verifythe identity of the consumer 100. If this event occurs after theidentity verification phase (i.e. all the identification information inthe account records has been completely verified, meeting the consumermay not be necessary because this may be a fraud committed by afraudster.)

In one embodiment, the above process as described in the flowchart inFIG. 4 will be repeated at multiple locations at different times anddifferent merchants are involved. If all merchants involved have enteredthe correct pieces of data as prompted by the GCIN computer system 500,the consumer 100 is presumed to have submitted correct personalidentification information during the account opening process. As aresult, the GCIN computer system 500 has successfully completed thecustomer identification process of the consumer 100.

The methodologies described herein may be implemented by various meansdepending upon the application. For example, these methodologies may beimplemented in hardware, firmware, software, or any combination thereof.For a hardware implementation, the processing may be implemented withinone or more application specific integrated circuits (ASICs), digitalsignal processors (DSPs), digital signal processing devices (DSPDs),programmable logic devices (PLDs), field programmable gate arrays(FPGAs), processors, controllers, micro-controllers, microprocessors,electronic devices, other electronic units designed to perform thefunctions described herein, or a combination thereof.

For a firmware and/or software implementation, the methodologies may beimplemented with modules (e.g., procedures, functions, and so on) thatperform the functions described herein. Any machine-readable mediumtangibly embodying instructions may be used in implementing themethodologies described herein. For example, software codes may bestored in a memory and executed by a processor. Memory may beimplemented within the processor or external to the processor. As usedherein the term “memory” refers to any type of long term, short term,volatile, nonvolatile, or other memory and is not to be limited to anyparticular type of memory or number of memories, or type of media uponwhich memory is stored.

If implemented in firmware and/or software, the functions may be storedas one or more instructions or code on a computer-readable medium.Examples include computer-readable media encoded with a data structureand computer-readable media encoded with a computer program.Computer-readable media includes physical computer storage media. Astorage medium may be any available medium that can be accessed by acomputer. By way of example, and not limitation, such computer-readablemedia can comprise RAM, ROM, EEPROM, CD-ROM, DVD, or other optical diskstorage, magnetic disk storage or other magnetic storage devices, or anyother medium that can be used to store desired program code in the formof instructions or data structures and that can be accessed by acomputer; disk and disc, as used herein, includes compact disc (CD),laser disc, optical disc, digital versatile disc (DVD), floppy disk andblue-ray disc where disks usually reproduce data magnetically, whilediscs reproduce data optically with lasers. Combinations of the aboveshould also be included within the scope of computer-readable media.

In addition to storage on computer readable medium, instructions and/ordata may be provided as signals on transmission media included in acommunication apparatus. For example, a communication apparatus mayinclude a transceiver having signals indicative of instructions anddata. The instructions and data are configured to cause one or moreprocessors to implement the functions outlined in the claims. Thecommunication apparatus may not store all of the instructions and/ordata on a computer readable medium.

The embodiments described in this disclosure can be assembled to form avariety of applications based on the need. Those skilled in the art andtechnology to which this disclosure pertains can appreciate thatalterations and changes in the described structure may be practicedwithout meaningfully departing from the principal, spirit, and scope ofthis disclosure. Such alterations and changes should not be construed asdeviations from the present disclosure.

What is claimed is:
 1. A computerized method for electronicallyverifying identity data of a customer, comprising: issuing, from anaccount computer system, a financial instrument associated with anaccount for the customer without verifying the identity data of thecustomer; receiving, at the account computer system from a merchantcomputer system associated with a merchant, a request to approve afinancial transaction between the merchant and the customer using thefinancial instrument; receiving, at the account computer system from themerchant computer system, a portion of identity data in response to arequest for the customer to provide the portion of identity data from acustomer identification document during the financial transaction;updating, at the account computer system, an identity profile of thecustomer by combining the portion of identity data with differentportions of previously received identity data that were previouslyreceived from different merchants during transactions between thecustomer and the different merchants; comparing, at the account computersystem, the identity profile to unverified identity data of the customerwhen a number of transactions with the financial instrument is greaterthan a first transaction threshold; determining, by the account computersystem, whether to maintain or terminate the account based on thecomparing; maintaining the account, by the account computer system, whenthe identity profile matches the unverified identity data, andterminating the account, by the account computer system, when thecustomer identity profile does not match the unverified identity data.2. The method of claim 1, further comprising opening the account withoutverifying the identity data with a credit reporting agency.
 3. Themethod of claim 1, further comprising determining, at the accountcomputer system, the portion of identity data to request, the portion ofidentity data being a random portion of identity data when the number oftransactions is less than a second transaction threshold, and theportion of identity data being based on the different portions ofpreviously received identity data when the number of transactions isgreater than the second transaction threshold.
 4. The method of claim 1,in which the identification document comprises at least one of adriver's license, passport, a government-issued identification document,an alien identification card, a student identification card, a socialsecurity card, a tax identification card, a national identificationcard, a voter identification card, a benefits card, an officialidentification document, or a combination thereof.
 5. The method ofclaim 1, in which the identity data is associated with at least one of aname, an address, a date of birth, a personal identification number, auser ID, a password, a tax identification number, a type ofidentification document, an identity number of the identificationdocument, a country, a state, a government organization issuing theidentification document, a private organization issuing theidentification document, an expiration date of the identificationdocument, a phone number, a screen name, an e-mail address, aphotograph, a fingerprint, an iris scan, a physical description, abiometrical information, or a combination thereof.
 6. The method ofclaim 1, in which the portion of identity data is obtained from a deviceof the transaction computer system that extracts the identity dataembedded in a storage unit of the identification document or extractsthe identity data printed on the identification document.
 7. The methodof claim 1, further comprising transmitting, from the account computersystem to the merchant computer system, a message approving thefinancial transaction when a portion of the unverified identity datamatches the portion of identity data.
 8. The method of claim 1, in whichthe account computer system comprises at least one of a personalcommunications device, a device interface, or a combination thereof. 9.The method of claim 1, in which the merchant computer systems comprisesat least one of a personal communications device, a device interface, ora combination thereof.
 10. The method of claim 1, further comprisingfreezing, by the account computer system, the account when the identityprofile does not match the unverified identity data.
 11. The method ofclaim 1, further comprising limiting, by the account computer system, avalue of a total transaction amount for the account until the accountcomputer system determines that the unverified identity data matches theidentity profile.
 12. An apparatus for electronically verifying identitydata of a customer, the apparatus comprising: a memory; and at least oneprocessor coupled to the memory, the at least one processor configured:to issue a financial instrument associated with an account for thecustomer without verifying the identity data of the customer; toreceive, from a merchant computer system associated with a merchant, arequest to approve a financial transaction between the merchant and thecustomer using the financial instrument; to receive, from the merchantcomputer system, a portion of identity data in response to a request forthe customer to provide the portion of identity data from a customeridentification document during the financial transaction; to update anidentity profile of the customer by combining the portion of identitydata with different portions of previously received identity data thatwere previously received from different merchants during transactionsbetween the customer and the different merchants; to compare theidentity profile to unverified identity data of the customer when anumber of transactions with the financial instrument is greater than afirst transaction threshold; to determine whether to maintain orterminate the account based on the comparing; to maintain the accountwhen the identity profile matches the unverified identity data; and toterminate the account when the customer identity profile does not matchthe unverified identity data.
 13. The apparatus of claim 12, in whichthe at least one processor is further configured to open the accountwithout verifying the identity data with a credit reporting agency. 14.The apparatus of claim 12, in which: the at least one processor isfurther configured to determine the portion of identity data to request,and the portion of identity data is: a random portion of identity datawhen the number of transactions is less than a second transactionthreshold, and based on the different portions of previously receivedidentity data when the number of transactions is greater than the secondtransaction threshold.
 15. The apparatus of claim 12, in which theidentification document comprises at least one of a driver's license,passport, a government-issued identification document, an alienidentification card, a student identification card, a social securitycard, a tax identification card, a national identification card, a voteridentification card, a benefits card, an official identificationdocument, or a combination thereof.
 16. The apparatus of claim 12, inwhich the portion of identity data is obtained from a device of themerchant computer system that extracts the identity data embedded in astorage unit of the identification document or extracts the identitydata printed on the identification document.
 17. The apparatus of claim12, in which the at least one processor is further configured totransmit, to the merchant computer system, a message approving thefinancial transaction when a portion of the unverified identity datamatches the portion of identity data.
 18. The apparatus of claim 12, inwhich the account computer system comprises at least one of a personalcommunications device, a device interface, or a combination thereof. 19.The apparatus of claim 12, in which the at least one processor isfurther configured to freezing the account when the identity profiledoes not match the unverified identity data.
 20. The apparatus of claim12, in which the at least one processor is further configured to limit avalue of a total transaction amount for the account until the accountcomputer system determines that the unverified identity data matches theidentity profile.